projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 03f0e34) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Mon, 13 Nov 2023 08:21:47 +0000 (11:21 +0300)
committerDmitry Shachnev <mitya57@debian.org>
Mon, 13 Nov 2023 08:21:47 +0000 (11:21 +0300)
commitd2d7bd4d7733c618e64c0a6fd70a38aca18ce7a7
tree785e600bef1eff6cf31677d9d4ce768da5db9786tree | snapshot
parent03f0e34e748070421ccc03452ff7b805e4d31882commit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.